How To Protect Your Data From Hacker Attacks

Lee Martinez
Posted on December 14, 2011

I know you believe that your auto liability, general liability, property, crime, employment practices liability, umbrella liability, and all the other types of insurance policies should cover you in many circumstances, but there is a new enemy out there. And it has the insurance carriers scrambling to provide adequate coverage for its customer base.

That new exposure is cyber liability, and it can be crippling if not addressed.

“Cyberspace is the next … liability exposure…with high profile cyber attacks and an arsenal of schemes to gain personal information.”
— National Underwriter, June 16, 2011

“The recent string of sensational hacker attacks is driving companies to seek ‘cyber insurance’ worth hundreds of millions of dollars.”
— Reuters, June 15, 2011

It’s your burden

Consumers bear the burden as they are less protected and thus more liable. Courts are siding with vendors and not their customers when it comes to the misuse of data. In speaking directly to the public transportation industry, the transportation company bears the burden, not the bank vendor who they process their credit card transactions with. 

Please consider the following:

  • The average cost for a breach of your customers’ personal information is estimated at more than $200 per record considering notification, monitoring costs and the value of lost customers.
  • Most states have specific privacy laws. California has some of the most stringent laws in the country. You have a duty to notify your customers of a data breach, offer credit monitoring, pay for credit repair expenses, and face penalties and fines.
  • Carriers have addressed this as the most dangerous liability exposure to come forth within the past 10 years.
  • First party coverage considerations include loss of digital assets, non-physical business interruption and extra expense, cyber extortion, cyber terrorism, and security event costs.
  • Third party coverage considerations include liabilities for network security, privacy, employee privacy, and electronic media.
  • How a malicious code, a hacker attack, introduction of a virus, etc. could all compromise your network and trigger exposures such as release of customer information, media publishing liability, a shutdown of your system resulting in data re-construction, and business interruption.
  • A cyber liability policy may offer relief from these exposures. The smart business owner understands that cyber risk is growing rapidly and will make the proactive changes to educate customers and provide protection from this latest business liability exposure.

What you may not know

Cyber crime is evident in the transportation business as almost all companies have a website, transact business via the Internet, and use credit cards. Did you know. . .

  • Most artwork on websites are protected by copyright as are the informational and structural components of the websites. Lawsuits are filed every day for infringement, both copyright and substance.
  • Criminals are capable of ‘scanning’ customers’ credit card information and charging these customers and you. A recent criminal activity in a transportation company happened when a clever employee mimicked the charges with his own credit card machine, and used a name similar to his employer’s. Customers did not notice these ‘mirror image’ transactions and the transportation company issued refunds on supposed duplicate transactions until they noticed the names were not identical.
  • ‘Mirror’ websites are also set up which operate and mimic the host site and duplicate transactions as well to a similar account. This is normally an ‘inside’ job and is difficult to identify until it is too late.
  • The cost of legal defense, the loss of revenue while handling these ‘downtime’ issues, the loss of clients due to an inability to provide clearly defined coverage, and continued potential for recurring claims make cyber insurance a no-brainer.

Take action now
The protection of privacy data is imperative, not only from a liability standpoint but also from a reputation one as well:

  •  Micro-cut shredders should be used when destroying paper documents as conventional shredders are easily re-constructed by thieves. Hard drives should be totally destroyed. 
  • Deleting information does not destroy it. 
  • Only collect information which is needed. 
  • Establish daily processes to reduce the opportunity for access to information from clients by employees.
  • Purchase cyber liability as an endorsement to your current policy or as a separate policy.

Do it today as the criminals are working. If your agent has not discussed this with you, then find a new agent.

Facts On Evolving Liabilities: Cyber, Privacy & Security Exposures

If you have not heard of or been involved in a cyber liability situation, you should feel fortunate. It is the leading liability issue facing U.S. businesses and the following are some considerations for you as a transportation business owner. This industry is set up for these criminals to flourish as there are websites and credit card information loosely controlled. Please consider:

Costs & Controls
The average organizational cost of a data breach reached $7.25 million in 2010. Are you or your clients prepared? Here’s who has unauthorized access:

  • Hackers
  • Employees
  • Outsourcers and third party vendors

Here’s what they are accessing:

  • Laptops
  • Computer and wireless networks
  •  PDAs
  • Websites
  • Clouds
  • Credit card machines

Coverage Caveats
Traditional insurance does not respond, as property and crime policies exclude personal property in the care, custody and control of the insured. Liability policies generally exclude losses that occur outside the U.S. (where most hackers originate), only respond to personal injury when resulting from a publication incident, and respond only to defined professional services or defined acts or offenses.

As with all policies, the purpose of insurance is to transfer risk. The following are the first and third party risks associated with cyber liability:

  • Notification expenses
  • Business income and interruption expenses
  • Extortion payments
  • Crisis management expenses
  • Credit monitoring costs
  • Failure to maintain and implement reasonable security measures
  • Negligence
  • Unfair, deceptive and unlawful trade practices
  • Breach of contract
  • Legal defense and damages
  • Media and intellectual properties
  • Violation of privacy

Underwriting issues include nature of business, revenue, number of records (exposure), risk management procedures, security and protection, and breach and claims history. The application for coverage is simple and takes less than a week for an answer. The basic cost is under $1,500 per year based on revenue. This needs to be an immediate topic with your agent. If not, find one who’ll talk about it right away.

Related Topics: data security, How To, Transpo Insurance

Comments ( 0 )
More Stories